id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux
4617 permission_required decorator behaviour is odd cbrand@… ctrochalakis "The permission_required() decorator is a great idea, but in practice its behaviour is odd.
When used, it first checks whether the user is logged in. If they're not, it redirects to the login page. So far, so good.
If they are logged in, it then checks whether they have been granted the specified permission. If they have, it calls the view function and displays the result. Also good.
If they're logged in but don't have the specified permission, it redirects to the login page. This is odd. Sure, they might have another user id they can use, but that sounds unusual to me. In most cases, this is just going to confuse them because they're already logged in.
Surely it would make more sense to return a HttpResponseForbidden in this case, even if the code to achieve that is a little more complex.
" Bug closed contrib.auth master Normal fixed easy-pickings dceu2011 Tom Christie Ready for checkin 1 0 0 0 1 0